The Internet, in servicing the demands of millions of users, has introduced security concerns of a new magnitude by making a single computer potentially vulnerable to attack from many millions of geographically dispersed users. Even if a server is effectively protected against intrusive security breaches, it may still be vulnerable to a range of denial-of-service attacks, such as connection-depletion attacks. A connection-depletion attack is one in which the attacker seeks to initiate and leave unresolved a large number of connection (or service) requests to a server, exhausting its resources and rendering it incapable of servicing legitimate requests. The Secure Sockets Layer (“SSL”) protocol is potentially vulnerable to such serious connection-depletion attacks.
The Secure Sockets Layer (SSL) protocol, a network communication protocol originally defined by Netscape Communications Corporation, and improvements such as Transport Layer Security (“TLS”), provide ways for a client to communicate with a server in a confidential or secure manner over a public network. In basic terms, SSL involves negotiating an encryption method between the client and server, and then encrypting data that is subsequently communicated between the client and server using the negotiated encryption method. In this context, “client” refers to an end station device that receives network services, such as a workstation, personal computer, personal digital assistant, etc., and “server” refers to a processing device that provides network services to one or more clients, such as a server-class computer, mini-computer, mainframe, etc. The client and server may be peers.
SSL communications between a client and server happen in two distinct phases called a “handshake phase” and a “data transmission phase.” In the handshake phase, the client and server communicate information that negotiates agreed-upon security parameter values. In basic terms, the handshake phase is carried out because the client and server initially do not know or trust one another and therefore must negotiate a way to encrypt communications between them. In the data transmission phase, the client or server (a “party”) encrypts information using the agreed-upon security parameter values and sends it to the opposite party, which decrypts it using the security parameters. An alert phase is also defined for identifying and reporting certain errors that occur in the other phases.
The SSL protocol is susceptible to denial-of-service attacks because it does not provide a timeout for any portion of its connection, during either the handshake phase or the data transmission phase. An attack on an SSL server can be constructed such that the server loses resources and eventually denies all legitimate traffic. The attack could involve:
1) sending a short but otherwise correct SSL header, thereby creating a legitimate Transmission Control Protocol (“TCP”) connection that carries an SSL connection still in the process of a handshake;
2) ceasing to send SSL messages at any stage of the SSL connection setup while keeping the TCP connection alive by probing, so that the handshake phase does not complete;
3) completing the full SSL handshake and then probing the TCP connection to keep it alive without sending any data, thereby burdening that connection resource and creating the impression that the connection is simply slow;
4) purposely creating many such very slow connections until the server cannot support any more connections.
In any of the above scenarios, the connections will not time out via TCP or SSL, causing all connection resources to be used. This will effectively deny the use of the server to any legitimate user.
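The following added example (not part of the original text, and not the solution the document goes on to propose) shows server-side bookkeeping that closes this gap by tracking SSL-level progress rather than TCP liveness. The class and function names and both time limits are assumptions chosen for illustration.

```python
from dataclasses import dataclass

HANDSHAKE_DEADLINE = 10.0  # assumed: seconds allowed from accept to finished handshake
DATA_IDLE_LIMIT = 60.0     # assumed: max seconds between SSL records in the data phase

@dataclass
class Conn:
    accepted_at: float
    last_record_at: float
    handshake_done: bool = False

class ConnTable:
    """Tracks SSL-level progress per connection, independent of TCP liveness."""

    def __init__(self):
        self.conns = {}

    def accept(self, conn_id, now):
        self.conns[conn_id] = Conn(accepted_at=now, last_record_at=now)

    def on_ssl_record(self, conn_id, now, handshake_done=False):
        conn = self.conns[conn_id]
        conn.last_record_at = now
        conn.handshake_done = conn.handshake_done or handshake_done

    def on_tcp_keepalive(self, conn_id, now):
        # Intentionally ignored: a probe proves the peer's TCP stack is up,
        # not that the SSL exchange is making progress (scenarios 2 and 3).
        pass

    def reap(self, now):
        """Drop stalled connections; return [(conn_id, reason)] sorted by id."""
        stale = []
        for conn_id, conn in self.conns.items():
            if not conn.handshake_done:
                # Measured from accept, so trickled handshake bytes cannot extend it.
                if now - conn.accepted_at > HANDSHAKE_DEADLINE:
                    stale.append((conn_id, "handshake deadline exceeded"))
            elif now - conn.last_record_at > DATA_IDLE_LIMIT:
                stale.append((conn_id, "idle in data phase"))
        for conn_id, _ in stale:
            del self.conns[conn_id]
        return sorted(stale)
```

Calling `reap` on a timer frees the slots held by connections that are alive at the TCP layer but silent at the SSL layer, while a client that keeps sending records is left alone.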
A previous approach addressing denial-of-service hacker attacks has been the use of RSA puzzles, developed by RSA Security, Inc. of Bedford, Mass. This peer verification process using client puzzles is designed to allow servers to accept connection requests normally when there is no evidence of attack, but during an attack would only selectively accept requests. Specifically, the server would hand out to each client making a request a unique “client puzzle”—a cryptographic problem formulated using the then-current time, and other information unique to the server and client. In order to have resources allocated for a specific connection, the client must submit to the server a correct solution to an individual puzzle deployed with conventional timeouts on server resources. During an attack, legitimate clients would experience only a small degradation in connection time, while the attacking party would require vast computational resources to sustain an interruption of service. As a result, the subsequent burden of numerous requests, placed back on the attacking party, would severely limit its ability to continue the attack.
However, a limitation of this approach is that it requires modifications to existing standardized SSL protocols, as opposed to working with existing protocols. A company implementing an RSA solution would need either to update its SSL server software or to obtain entirely new SSL server software.
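To make the client-puzzle idea described above concrete, here is an added sketch (not from the original text and not RSA Security's implementation). It assumes a hash-based puzzle: the challenge is derived from the issue time, the client's identity and a server secret, and the client must find a nonce whose hash has a set number of leading zero bits. The function names, difficulty and lifetime are all illustrative.

```python
import hashlib
import hmac
import struct

SERVER_SECRET = b"constructed-demo-secret"  # constructed value; use a random key
DIFFICULTY_BITS = 16    # assumed: expected client work is about 2**16 hashes
PUZZLE_LIFETIME = 30    # assumed: seconds a puzzle remains acceptable

def issue_puzzle(client_id, now):
    """Derive the challenge from time, client identity and the server secret."""
    msg = struct.pack(">Q", now) + client_id
    return now, hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge, nonce):
    return hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()

def solve(challenge):
    """Client side: brute-force a nonce that meets the difficulty target."""
    nonce = 0
    while _leading_zero_bits(_work(challenge, nonce)) < DIFFICULTY_BITS:
        nonce += 1
    return nonce

def verify(client_id, issued_at, nonce, now):
    """Server side: one HMAC and one hash, with no per-client state stored."""
    if not 0 <= now - issued_at <= PUZZLE_LIFETIME:
        return False  # expired or post-dated puzzle
    _, challenge = issue_puzzle(client_id, issued_at)
    return _leading_zero_bits(_work(challenge, nonce)) >= DIFFICULTY_BITS
```

The server allocates connection resources only after `verify` succeeds, so the cost of each pending request falls on the requester. The puzzle exchange is an extra message pair that stock SSL clients do not speak, which is the protocol modification the text identifies as the limitation of this approach.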
Based on the foregoing, there is a clear need for a solution that prevents attackers from denying service to SSL servers by creating purposely slow connections.
In particular, there is a need for a solution that uses minimal computational resources while maintaining flexibility for users.
There is also a need for a method for prevention of denial-of-service attacks that will not require reconfiguration of existing SSL protocols.